The EU General Data Protection Regulation (GDPR) controls how organizations collect, use and store personal data. It applies to both businesses based in the European Economic Area (EEA) and to those with no physical establishment in the EU, but with operations that fall into the extraterritorial scope of the GDPR. Fines for GDPR violations can reach €20m or 4% of the annual worldwide turnover (whichever is higher).
FLI partners are meeting the needs of clients during the painful stages of COVID-19 quarantines and lockdowns, as well as the various phases of cautious re-opening of business. Sadly, this comes with occasional regression to shuttered plants and offices with renewed outbreaks of the novel coronavirus. In each of these phases, IT and communications play a critical role, bringing heightened cybersecurity risks and new privacy challenges that are pushing enterprises to make changes that will likely last beyond the current crisis.
With lawyers and clients working from home, we have come to rely more heavily than ever before on relatively less secure IT applications and systems, outside the tested company firewalls, often using personal devices and consumer-grade connections that may leave us comically stuttering or dropping in and out of video conferences and potentially exposing confidential exchanges to bombers and trolls – or to more serious hackers. We have had to quickly adapt to utilizing Internet-based chat apps, once the preserve of teenagers and after-hours socializing, now critical for daily business functions. We are learning how to take precautions with conferencing apps that were designed for board meetings and sales pitches but are now employed for everything from teaching students at home to conducting court hearings. (UK Prime Minister Boris Johnson inadvertently gave us all an object lesson in videoconference security when he tweeted a screenshot of his first-ever virtual cabinet meeting -- complete with the Zoom meeting ID for all the world to see.) Companies are scrambling to download VPNs and security software on employee smartphones and laptops while making the necessary updates to their employee privacy policies and “acceptable use” terms for company network access.
COVID has accelerated the take-up of cloud-based software-as-a-service (SaaS), a trend that has been going on for years, where companies subscribe to the software and access it by the Internet. Increasingly, they also host their data in the cloud, renting space and services from AWS, IBM, or others rather than building their own data centres. It turns out that the cloud model is an advantage when workers are at home but have Internet connections.
As major vendors integrate productivity applications with communications, the majority of large enterprises, and an increasing number of small and medium enterprises, are adopting these solutions. A CNBC survey in December 2019 reported that Microsoft Teams, which integrates the Microsoft (formerly Office) 365 suite with Skype for Business, had overtaken Slack for group communications. Cisco offers some similar functionality with Webex Teams, and Zoom phone goes beyond conferencing now to provide calling, chat, and messaging. Tens of millions of business users were subscribed to these cloud-based applications before the COVID lockdowns, and their use has skyrocketed since. It is not likely a temporary phenomenon.
But the cloud model raises security and privacy issues, often cross-border, that lawyers can help their clients tackle. Several countries (including China and Russia) have adopted data localization measures that effectively require local data hosting. Many restrict the use of encryption. The European Union and many other jurisdictions with comprehensive data protection laws impose conditions on the transfer of personally identifiable information. Several countries restrict voice over Internet protocol applications such as Skype and WhatsApp that bypass telephone tolls or government surveillance (although some of these restrictions have been temporarily eased during the COVID crisis).
FLI has recently assisted clients in these areas, including:
• Compliance counselling for the deployment of SaaS, AWS hosting, private networks, encryption, VSATs, VPNs, Microsoft Teams, and other cloud services in more than 80 countries • Negotiation of vendor agreements • Licensing or permitting for telecoms or encryption • Updating internal and vendor security policies • Updating employee privacy policies and “acceptable use” policies for technology.
Re-opening and recovery from the COVID pandemic will entail new security demands and privacy challenges for our clients. Increased video surveillance to document compliance with safety rules; testing of employees, building visitors, and customers; record-keeping to facilitate contact tracing; possibly the introduction of health documents such as proof of antigen testing or vaccination – these will all push the limits of current policies on notices, data retention, data subject rights, security, and potential liability and enforcement. FLI partners can guide their clients to practical legal solutions in these areas as well.
Join 10,000 legal professionals
on our mailing list.
Expertly curated emails that will keep you up to date with the latest in the industry.
Scott Blackmer
Scott leads the Americas Management Team. Previously a partner at WilmerHale, Scott advises private and federal clients in technology and is regarded as a leading authority in intellectual property and international trade. He has served as an advisor on privacy, data protection and digital identity to various Fortune 500 entities as well as government organizations.
With extensive experience in all matters related to data protection and cybersecurity, in both consumer and human resources contexts, Scott is an expert in a wide range of legal issues that companies face in online and mobile business, especially across borders.
Related Articles
See more
In 2015 a study made by FIS found that only 23% of customers believe their banks are fulfilling their expectations. Now, in the COVID-19 era, a recent survey conducted by PwC shows that even though consumers are happier with the banking services provided, the new risks of the industry are competitors and mostly non-traditional competitors. In fact, KPMG has stated that banks are encouraged to use channels that haven’t been prioritized in the past.
Starting with 1990, digitalization has been a constant in the financial industry. This trend that continues to grow is driven by new customer expectations. When today's consumer evaluates financial services, they don't compare banks anymore. They compare experiences. Thus, banks adopted new technologies to improve their services, and create smarter digital service offerings.
With a digital-first focus, the banking game has changed, as shown by the new disruptive proposals that appear in the industry. The latest of which, is virtual banking.
It has been two years since the Office of the Comptroller of the Currency (“OCC”) announced the “Fintech Charters” plan. Whilst it has faced great challenges, with the lawsuit filing against this motion, the OCC has persisted with its plan with the Second Circuit. It is important to examine the opportunities, challenges as well as impacts that the charters will have on the regulatory landscape of the fintech companies.
Get Started
Whatever your industry, connect with a member of our cross-border team today. We’ll take care of the rest.